
Taking A Look At PNG Files with pngdump.py Beta Version 0.0.3

published on 2022-09-25 20:10:41 UTC by Didier Stevens
Content:

Here’s a new beta version of my tool pngdump.py, a tool to analyze PNG files.

I took a look at all files on MalwareBazaar with a PNG tag, and made updates to pngdump.py to handle them.

I found 3 types of “PNG” files.

First, files spoofing PNG files: files that are not PNG files, but have a .png extension.

Like .exe and .rar files:

Second, valid PNG files with an appended payload:

Third, invalid PNG files. For example, PNG files with the right record structure, but where the Zlib compressed image is replaced by an RC4 encrypted payload (IcedID):

I also have other samples, but that’s for another blog post.

Beta version 0.0.3 is available on GitHub.
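
The three categories described above can be told apart with a few structural checks: the 8-byte signature, the chunk walk up to IEND, and whether the concatenated IDAT data is a zlib stream. The following Python sketch is an added example, not code from pngdump.py or from the original post; the names `triage` and `chunk`, the finding labels and the sample bytes are constructed for illustration.

```python
import struct
import zlib

SIG = b"\x89PNG\r\n\x1a\n"

def triage(data: bytes) -> list:
    """Return findings for one file; an empty list means nothing suspicious."""
    if not data.startswith(SIG):
        return ["not-png-signature"]          # type 1: e.g. an MZ or Rar! header
    findings, idat, pos, iend = [], b"", len(SIG), False
    while not iend and pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length               # length + type + body + CRC
        if end > len(data):
            return findings + ["truncated-chunk"]
        body = data[pos + 8:end - 4]
        if zlib.crc32(ctype + body) != struct.unpack(">I", data[end - 4:end])[0]:
            findings.append("bad-crc:" + ctype.decode("latin-1"))
        if ctype == b"IDAT":
            idat += body                      # all IDAT chunks form one zlib stream
        iend, pos = ctype == b"IEND", end
    if not iend:
        return findings + ["missing-IEND"]
    try:
        zlib.decompress(idat)                 # type 3: structure fine, data is not zlib
    except zlib.error:
        findings.append("idat-not-zlib")
    if pos < len(data):                       # type 2: bytes after the IEND chunk
        findings.append("appended-bytes:%d" % (len(data) - pos))
    return findings

def chunk(ctype: bytes, body: bytes) -> bytes:
    """Build one PNG chunk with a correct CRC (used only for the samples)."""
    crc = struct.pack(">I", zlib.crc32(ctype + body))
    return struct.pack(">I", len(body)) + ctype + body + crc

# Constructed samples (not real malware): a 1x1 grayscale PNG and three variants.
IHDR = chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
IEND = chunk(b"IEND", b"")
VALID = SIG + IHDR + chunk(b"IDAT", zlib.compress(b"\x00\x00")) + IEND
SPOOFED = b"MZ" + bytes(62)                   # stands in for an .exe named .png
TRAILER = b"constructed trailing bytes"
APPENDED = VALID + TRAILER
BAD_IDAT = SIG + IHDR + chunk(b"IDAT", bytes(range(7, 71))) + IEND

if __name__ == "__main__":
    for name in ("VALID", "SPOOFED", "APPENDED", "BAD_IDAT"):
        print(name, triage(globals()[name]))
```
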

https://blog.didierstevens.com/2022/09/25/taking-a-look-at-png-files-with-pngdump-py-beta-version-0-0-3/   
Published: 2022 09 25 20:10:41
Received: 2022 09 25 20:28:16
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security